Lucene search
K

4965 matches found

HackRead
HackRead
added 2026/05/20 1:55 p.m.14 views

GitHub Breach: TeamPCP Steals 3,800 Repositories via VS Code Extension

GitHub Breach: TeamPCP stole 3,800 internal repositories through a malicious VS Code extension and is now selling the data online for $95,000...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/05/19 7:49 a.m.13 views

Compromised Nx Console 18.95.0 Targeted VS Code Developers with Credential Stealer

Cybersecurity researchers have flagged a compromised version of the Nx Console extension that was published to the Microsoft Visual Studio Code VS Code Marketplace. The extension in question is rwl.angular-console version 18.95.0, a popular user interface and plugin for code editors like VS Code,...

6.1AI score
Exploits0
NVD
NVD
added 2026/05/15 4:16 p.m.12 views

CVE-2026-46508

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS0.00158EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/05/15 3:50 p.m.8 views

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 2026/05/15 3:50 p.m.36 views

CVE-2026-46508

CVE-2026-46508 affects the Turborepo LSP VS Code extension. Before version 2.9.14000, the extension could execute shell commands derived from workspace-controlled values by interpolating them into string-based commands for Turborepo daemon commands and task runs. A malicious workspace could craft...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/05/15 3:50 p.m.44 views

CVE-2026-46508 Turborepo: VSCode Extension command injection

Turborepo is a high-performance build system for JavaScript and TypeScript codebases. Prior to 2.9.14000, the Turborepo LSP VS Code extension could execute shell commands derived from workspace-controlled values. The extension used string-based command execution for Turborepo daemon commands and...

8.4CVSS0.00158EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/15 12:0 a.m.10 views

Turborepo 命令注入漏洞

Turborepo is a high-performance JavaScript and TypeScript build system open source by Vercel. Versions of Turborepo 2.9.14000 and earlier contained a command injection vulnerability. This vulnerability stemmed from the LSP VS Code extension using string-based commands to execute Turborepo’s daemo...

8.4CVSS6.2AI score0.00158EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.49 views

Microsoft Visual Studio Code < 1.119.1 Multiple Vulnerabilities

The version of Microsoft Visual Studio Code installed on the remote host is prior to 1.119.1. It is, therefore, affected by multiple vulnerabilities, including: - Improper neutralization of special elements in output used by a downstream component 'injection' in GitHub Copilot and Visual Studio...

8.8CVSS6AI score0.00861EPSS
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2026/05/15 12:0 a.m.6 views

Microsoft Visual Studio Code Live Preview Extension < 0.4.19 Path Traversal (CVE-2026-41612)

The Microsoft Visual Studio Code Live Preview Extension installed on the remote host is prior to 0.4.19. It is, therefore, affected by a path traversal vulnerability: - Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally. CVE-2026-41612 No...

5.5CVSS5.8AI score0.00495EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/14 12:0 a.m.7 views

Security Updates for Microsoft Visual Studio Products (May 2026)

The Microsoft Visual Studio Products are missing security updates. It is, therefore, affected by multiple vulnerabilities: - Heap-based buffer overflow in .NET allows an unauthorized attacker to elevate privileges locally. CVE-2026-32177 - A tampering vulnerability exists when .NET Core improperl...

7.3CVSS6.1AI score0.00711EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.15 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

5.5CVSS5.8AI score0.00495EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:23 p.m.15 views

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

6.3CVSS5.8AI score0.00599EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.14 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS6AI score0.00421EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/05/13 8:22 p.m.11 views

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.15 views

CVE-2026-41613

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS0.0052EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.25 views

CVE-2026-41612

Relative path traversal in Visual Studio Code allows an unauthorized attacker to disclose information locally...

5.5CVSS0.00495EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.38 views

CVE-2026-41611

Improper neutralization of script-related html tags in a web page basic xss in Visual Studio Code allows an unauthorized attacker to execute code locally...

7.8CVSS0.00421EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 6:17 p.m.23 views

CVE-2026-41610

Improper neutralization of input during web page generation 'cross-site scripting' in Visual Studio Code allows an unauthorized attacker to bypass a security feature locally...

6.3CVSS0.00599EPSS
Exploits0References1
NCSC
NCSC
added 2026/05/12 5:53 p.m.12 views

vulnerabilities handled in Microsoft Developer Tools

Microsoft has addressed vulnerabilities in various Developer Tools. A malicious individual could exploit these vulnerabilities to carry out attacks that can cause the following types of damage: - Denial-of-Service DoS attacks - Bypass of security measures - Execution of arbitrary code user rights...

10CVSS6.2AI score0.0243EPSS
Exploits0
EUVD
EUVD
added 2026/05/12 4:59 p.m.18 views

EUVD-2026-29696

Session fixation in Visual Studio Code allows an unauthorized attacker to elevate privileges over a network...

8.8CVSS5.8AI score0.0052EPSS
Exploits0References1
Rows per page
Query Builder